It is quite likely you have never heard of the term spear phishing, but it is an issue you would be well advised to be aware of. Let me explain:
Phishing is a term used to describe fake emails sent to trick or attack an individual or an organisation. Scam emails can be sent globally at any one time to millions of potential victims. Sometimes the content of the email will be a plea for help, usually financial, an offer of a once-in-a-lifetime opportunity, or something tempting you to take immediate action. When you click on a link in a phishing email, you will be taken to a malicious website where attempts will be made to gain access to your computer and to your personal details, such as your bank account.
However, cyber criminals are becoming much more sophisticated and more targeted in their approach, and this has led to the emergence of a new and dangerous phenomenon: spear phishing.
Unlike general phishing, with spear phishing the cyber attackers carefully research their intended targets, for example by gathering information from their social media accounts or from anything else they put on the internet from their PC. They might scan social networking sites to find a target's page, their email address and their friends list. Often spear phishers are not after money; they are more likely to target specific organisations to obtain high-level confidential information such as business plans, corporate secrets or plans for sensitive technology.
You may feel you are far too sensible to fall for a trick of this kind, but these cyber criminals are a clever bunch of guys and gals. Using information they have found, the spear phisher can pose as someone you know and send emails which appear to come from a trusted source such as your accountant, your solicitor, your bank or your work colleagues. They will then try to trick you into handing over confidential and sensitive information that they can use for their criminal purposes. Every individual at any business, corporation or organisation is a real target for the spear phisher, and we all need to take action to protect ourselves.
So, how do we protect ourselves from these clever cyber criminals, you may ask. Well, here at N2S, we have spent years perfecting our data protection services, so we are truly qualified to advise on this matter:
- The first step in protecting yourself is to be aware you and your organisation are a target
- It is advisable to limit the amount of personal or sensitive information you put on your social media accounts or websites. This will make it more difficult for the cyber criminal to effectively research the details they need to trick you
- Unless you are 100% sure of the email's origin, avoid opening attachments or clicking on links
- If the email comes from a person or company you know, then contact them using the details you already have for them
- If you are an employee or sub-contractor, support the security efforts of the company you are working for by following any appropriate guidelines and policies which may be in place
- Use security tools such as antivirus software and encryption
- Think about your passwords. Always vary your passwords; do not regularly use the same one on different platforms. Do not make passwords obvious, for example by using your initials; make them difficult for anyone to work out. Have a different password for every site or platform you use and change them sporadically
- When you get notices from software vendors to update your software, do it. Most operating system and browser updates include additional security measures
- If an email seems strange in any way, or you feel you may have fallen victim to a spear phishing attack, then inform your help desk, security team or even the police immediately.